SHANGHAI — American security firm Kryptowire discovered preinstalled software on several Android phone models in the U.S. that secretly monitored its users.
The company stumbled upon the issue after noticing unusual network activity on a BLU R1 HD mobile phone owned by a researcher. According to the Kryptowire report, software on the device was found to be collecting message and call logs, contact lists, location information, and other personal data.
After encryption, the information was transmitted to four servers in Shanghai, later found to be registered to a Chinese company called Shanghai Adups Technology Co., Ltd. Data transmission occurred every 72 hours for message and call logs, and every 24 hours for other personally identifiable information.
Adups’ software was also capable of executing remote commands, including installing and updating applications on a phone. Anti-virus tools assumed the software was not malware since it came with the device, and were thus unable to detect its suspicious behavior.
Adups claims the software was designed to help a Chinese manufacturer monitor user behavior, but that it was never meant to be on American phones.
The full scope of the problem is still unclear, though 120,000 phones from American manufacturer BLU were among those affected.